Merge "Add 2 new system properties for Quick Start" into udc-dev am: 5fd77a4e68 am: ec3e029174

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22872879

Change-Id: I981c52220d24c1fe9615266f1f717c5f946873bc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

prebuilts/api/34.0/private/compat/33.0/33.0.ignore.cil

@@ -55,6 +55,7 @@
     permissive_mte_prop
     persist_sysui_builder_extras_prop
     prng_seeder
+    quick_start_prop
     recovery_usb_config_prop
     remote_provisioning_service
     rkpdapp

prebuilts/api/34.0/private/gmscore_app.te

@@ -152,6 +152,11 @@ get_prop(gmscore_app, dck_prop)
 # Allow GMSCore to read RKP properties for the purpose of GTS testing.
 get_prop(gmscore_app, remote_prov_prop)
 
+# Allow GmsCore to read Quick Start properties and prevent access from other
+# policies.
+get_prop(gmscore_app, quick_start_prop)
+neverallow { domain -init -dumpstate -vendor_init -gmscore_app } quick_start_prop:file no_rw_file_perms;
+
 # Do not allow getting permission-protected network information from sysfs.
 neverallow gmscore_app sysfs_net:file *;
 

prebuilts/api/34.0/private/property_contexts

@@ -1561,3 +1561,7 @@ ro.usb.uvc.enabled      u:object_r:usb_uvc_enabled_prop:s0 exact bool
 
 # System UI notification properties
 persist.sysui.notification.builder_extras_override u:object_r:persist_sysui_builder_extras_prop:s0 exact bool
+
+# Properties for Quick Start setup.
+ro.quick_start.oem_id u:object_r:quick_start_prop:s0 exact string
+ro.quick_start.device_id u:object_r:quick_start_prop:s0 exact string

prebuilts/api/34.0/public/property.te

@@ -171,6 +171,7 @@ system_vendor_config_prop(mediadrm_config_prop)
 system_vendor_config_prop(mm_events_config_prop)
 system_vendor_config_prop(oem_unlock_prop)
 system_vendor_config_prop(packagemanager_config_prop)
+system_vendor_config_prop(quick_start_prop)
 system_vendor_config_prop(recovery_config_prop)
 system_vendor_config_prop(recovery_usb_config_prop)
 system_vendor_config_prop(sendbug_config_prop)

private/compat/33.0/33.0.ignore.cil

@@ -55,6 +55,7 @@
     permissive_mte_prop
     persist_sysui_builder_extras_prop
     prng_seeder
+    quick_start_prop
     recovery_usb_config_prop
     remote_provisioning_service
     rkpdapp

private/gmscore_app.te

@@ -152,6 +152,11 @@ get_prop(gmscore_app, dck_prop)
 # Allow GMSCore to read RKP properties for the purpose of GTS testing.
 get_prop(gmscore_app, remote_prov_prop)
 
+# Allow GmsCore to read Quick Start properties and prevent access from other
+# policies.
+get_prop(gmscore_app, quick_start_prop)
+neverallow { domain -init -dumpstate -vendor_init -gmscore_app } quick_start_prop:file no_rw_file_perms;
+
 # Do not allow getting permission-protected network information from sysfs.
 neverallow gmscore_app sysfs_net:file *;
 

private/property_contexts

@@ -1561,3 +1561,7 @@ ro.usb.uvc.enabled      u:object_r:usb_uvc_enabled_prop:s0 exact bool
 
 # System UI notification properties
 persist.sysui.notification.builder_extras_override u:object_r:persist_sysui_builder_extras_prop:s0 exact bool
+
+# Properties for Quick Start setup.
+ro.quick_start.oem_id u:object_r:quick_start_prop:s0 exact string
+ro.quick_start.device_id u:object_r:quick_start_prop:s0 exact string

public/property.te

@@ -171,6 +171,7 @@ system_vendor_config_prop(mediadrm_config_prop)
 system_vendor_config_prop(mm_events_config_prop)
 system_vendor_config_prop(oem_unlock_prop)
 system_vendor_config_prop(packagemanager_config_prop)
+system_vendor_config_prop(quick_start_prop)
 system_vendor_config_prop(recovery_config_prop)
 system_vendor_config_prop(recovery_usb_config_prop)
 system_vendor_config_prop(sendbug_config_prop)